Risk-based access control systems built on fuzzy inferences

Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not been yet investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may result in damages by malicious users before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.

[1]  S. Gottwald A Treatise on Many-Valued Logics , 2001 .

[2]  Sándor Jenei,et al.  Recent Advances in the Field of Left-continuous t-norms , 2007, EUSFLAT Conf..

[3]  Vladik Kreinovich,et al.  Fuzzy Rule Based Modeling as a Universal Approximation Tool , 1998 .

[4]  Petr Hájek,et al.  Metamathematics of Fuzzy Logic , 1998, Trends in Logic.

[5]  Chuen-Tsai Sun,et al.  Using Genetic Algorithms in Structuring a Fuzzy Rulebase , 1993, ICGA.

[6]  Anthony F. Norcio,et al.  Representation, similarity measures and aggregation methods using fuzzy sets for content-based recommender systems , 2009, Fuzzy Sets Syst..

[7]  Christopher J. Alberts,et al.  Managing Information Security Risks: The OCTAVE Approach , 2002 .

[8]  Francisco Herrera,et al.  Learning the membership function contexts for mining fuzzy association rules by using genetic algorithms , 2009, Fuzzy Sets Syst..

[9]  J. Y. Cheung,et al.  Smooth response sliding mode fuzzy control with intrinsic boundary layer , 2003, The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03..

[10]  D. Sharp,et al.  QMU and Nuclear Weapons Certification What ’ s under the hood ? , 2022 .

[11]  Claudia Keser,et al.  Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Bernard De Baets,et al.  On the structure of left-continuous t-norms that have a continuous contour line , 2007, Fuzzy Sets Syst..

[13]  Didier Dubois,et al.  Fuzzy set connectives as combinations of belief structures , 1992, Inf. Sci..

[14]  Meng Joo Er,et al.  Automatic Generation of Fuzzy Inference Systems Using Unsupervised Learning , 2005, Proceedings of the 2005 IEEE International Symposium on, Mediterrean Conference on Control and Automation Intelligent Control, 2005..

[15]  Mohamed Benrejeb,et al.  Choice of conjunctive operator of TSK fuzzy systems and stability domain study , 2008, Math. Comput. Simul..

[16]  Chung-Feng Jeffrey Kuo,et al.  Auto-focus control of a CMOS image sensing module , 2007, J. Intell. Fuzzy Syst..

[17]  Constantin V. Negoita,et al.  On Fuzzy Systems , 1978 .

[18]  Sándor Jenei,et al.  How to construct left-continuous triangular norms--state of the art , 2004, Fuzzy Sets Syst..

[19]  Lotfi A. Zadeh,et al.  The Concepts of a Linguistic Variable and its Application to Approximate Reasoning , 1975 .

[20]  Robert N. Lea,et al.  Space shuttle attitude control by reinforcement learning and fuzzy logic , 1993, [Proceedings 1993] Second IEEE International Conference on Fuzzy Systems.